MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b9632e4c0346145d22d9dace310ebe39c49be755d203aa0ce35c7050487b93d6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b9632e4c0346145d22d9dace310ebe39c49be755d203aa0ce35c7050487b93d6
SHA3-384 hash: 2c007a3be78cdfe269415e2075f2263808f72e76aabb81a53cd76006098dd9e13810bd4c4782516192602121326d5b51
SHA1 hash: c17b09c0b898089101ae8786fd4a0ed589dd82f4
MD5 hash: d53e2518ee53d3e33519ca27551ea176
humanhash: purple-grey-nevada-utah
File name:horizon.mips
Download: download sample
Signature Mirai
Create hunting rule
File size:56'548 bytes
First seen:2025-05-18 18:03:36 UTC
Last seen:Never
File type: elf
MIME type:application/x-executable
ssdeep 768:d2xtxwJ0ghi7xsL67xG8Nc1l+MzWH3nQNHgbJO+v51G57575K5u5rF5l5n5VbQ9Q:Uxw7hi7W76XnLO5XQ9LnpHBXwPT+yN
TLSH T1FA43864D7A719FFDFFAD823947B35E209259339526E0C248E1ACE9010FB020D645FBA9
telfhash t15a01cd58043802f093804cdebbecff38e0a140df9a252e378d00ea9beb21a458d00d2c
Magika elf
Reporter abuse_ch
Tags:elf mirai

Intelligence

File Origin
# of uploads :
1
# of downloads :
85
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
Unix.Dropper.Mirai-7135870-0
Create hunting rule

Unix.Dropper.Mirai-7135906-0
Create hunting rule

Unix.Dropper.Mirai-7135966-0
Create hunting rule

Unix.Dropper.Mirai-7135967-0
Create hunting rule

Unix.Trojan.Mirai-9935718-0
Create hunting rule

Verdict:
Malicious
Score:
81.4%
Link:
https://cyber-fortress.com/docs/result/index.php?id=682a23ac375681df7c1a5909linux22vpnfull_triage
Tags:
mirai ddos
Result
Verdict:
Malware
Maliciousness:

Behaviour
Runs as daemon
Connection attempt
Receives data from a server
Opens a port
DNS request
Sends data to a server
Substitutes an application name
Performs a bruteforce attack in the network
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
masquerade obfuscated
Link:
https://www.filescan.io/uploads/682a212bc609634bd7c7c0e8/reports/92c2b045-feca-45ba-a8b8-f50c3b3b3409/overview
Verdict:
Malicious
Uses P2P?:
false
Uses anti-vm?:
false
Architecture:
mips
Packer:
not packed
Botnet:
unknown
Number of open files:
1
Number of processes launched:
4
Processes remaning?
true
Remote TCP ports scanned:
23
Full report:
https://elfdigest.com/brief/b9632e4c0346145d22d9dace310ebe39c49be755d203aa0ce35c7050487b93d6
Behaviour
Process Renaming
Botnet C2s
TCP botnet C2(s):
not identified
UDP botnet C2(s):
not identified
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/fd7c35be-e45b-4f95-bafa-ceb084356e4d
Result
Threat name:
n/a
Detection:
malicious
Classification:
troj
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/1693444
Signature
Multi AV Scanner detection for submitted file
Performs DNS queries to domains with low reputation
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1693444 Sample: horizon.mips.elf Startdate: 18/05/2025 Architecture: LINUX Score: 52 16 cnc.horizonisrising.xyz 2->16 18 203.84.208.197 YAHOO-1US Hong Kong 2->18 20 99 other IPs or domains 2->20 22 Multi AV Scanner detection for submitted file 2->22 8 horizon.mips.elf 2->8         started        signatures3 24 Performs DNS queries to domains with low reputation 16->24 process4 process5 10 horizon.mips.elf 8->10         started        12 horizon.mips.elf 8->12         started        process6 14 horizon.mips.elf 10->14         started       
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/b9632e4c0346145d22d9dace310ebe39c49be755d203aa0ce35c7050487b93d6
Detection:
mirai
Create hunting rule
Link:
https://mwdb.cert.pl/sample/b9632e4c0346145d22d9dace310ebe39c49be755d203aa0ce35c7050487b93d6/
Threat name:
Linux.Worm.Mirai
Create hunting rule
Status:
Malicious
First seen:
2025-05-18 18:04:30 UTC
File Type:
ELF32 Big (Exe)
AV detection:
25 of 37 (67.57%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=xfrs4tadiykf2iwz3lhdcdv6hhcjxz2v2ib2udhdlryfasd3spla._file
Result
Malware family:
mirai
Create hunting rule
Score:
  10/10
Tags:
family:mirai defense_evasion discovery
Link:
https://tria.ge/reports/250518-wnnkqaan9w/
Behaviour
System Network Configuration Discovery
Changes its process name
Reads system network configuration
Enumerates active TCP sockets
Writes file to system bin folder
Modifies Watchdog functionality
Contacts a large (55661) amount of remote hosts
Creates a large amount of network flows
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/b9632e4c0346145d22d9dace310ebe39c49be755d203aa0ce35c7050487b93d6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf b9632e4c0346145d22d9dace310ebe39c49be755d203aa0ce35c7050487b93d6

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3546486/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh

Comments